CVE-2020-25890

Published: Nov 17, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions

Affected (1)

Products: Kyocera: Ecosys M2640idw Firmware

1 product

Ecosys M2640idw Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Ecosys M2640idw Firmware	All versions

Running on/with	Platform Versions
Kyocera Ecosys M2640idw	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://vitor-santos.medium.com/xss-in-kyocera-printer-ecosys-m2640idw-cf6d3bc525e3

Source: cve@mitre.org

ExploitThird Party Advisory

https://vitor-santos.medium.com/xss-in-kyocera-printer-ecosys-m2640idw-cf6d3bc525e3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.